MS pulled the Workarounds from the Security Advisory page when the patch was
released and I'm not aware of the "XML Island" workaround being available
anywhere else (though you might try a thorough & careful Google search).
While I can point you to a blog entry about how to Undo the "XML Island"
workaround, I don't think it'd help you. So I suppose your best bet would
be the limited amount of info here, Jim:
http://blogs.technet.com/swi/archive/2008/12/12/Clarification-on-the-various-workarounds-from-the-recent-IE-advisory.aspx
I should note that while there are an ever-increasing number of webpages out
there which take advantage of this now-patched vulnerability, it's highly
unlikely that an informed user who practices Safe Hex (and doesn't go to
p0rn sites and doesn't click on "See the dancing pigs!" links, etc.) will
encounter them. YMMV, of course, since there's no such thing as a 100% safe
browser or OS.
For the record, support for Win9x ended on 11 July 2006 and no further
security updates will be released for these OSs. To be as safe as possible
and running a Windows PC, upgrade to WinXP SP3 or higher.
--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002
AumHa VSOP & Admin http://aumha.net
DTS-L http://dts-l.net/
Post by Jim
I am supposing that the win98+ crowd will not get a security update. Is
this correct? What if anything should we do for the mitigating
workarounds?
HKEY_CLASSES_ROOT\CLSID\{379E501F-B231-11D1-ADC1-00805FC752D8}
The default value is: "MsxmlIsland"
Should we make it, "" a blank or what? Any Ideas?
Post by PA Bear [MS MVP]
Microsoft Security Bulletin MS08-078 - Critical: Security Update for
http://www.microsoft.com/technet/security/bulletin/ms08-078.mspx
Post by PA Bear [MS MVP]
Microsoft Security Bulletin Advance Notification for December 2008
<QP>
This is an advance notification of an out-of-band security bulletin that
Microsoft is intending to release on December 17, 2008.
</QP>
Source: http://www.microsoft.com/technet/security/Bulletin/ms08-dec.mspx